make directives immutable

Martin McKeaveney 2024-11-10 13:11:49 +00:00
parent 1543e6dc2b
commit 9525cf8682
1 changed files with 3 additions and 2 deletions


@ -90,11 +90,12 @@ export async function contentSecurityPolicy(ctx: any, next: any) {
try { try {
const nonce = crypto.randomBytes(16).toString("base64") const nonce = crypto.randomBytes(16).toString("base64")
CSP_DIRECTIVES["script-src"].push(`'nonce-${nonce}'`) const directives = { ...CSP_DIRECTIVES }
directives["script-src"] = [...CSP_DIRECTIVES["script-src"], `'nonce-${nonce}'`]
ctx.state.nonce = nonce ctx.state.nonce = nonce
const cspHeader = Object.entries(CSP_DIRECTIVES) const cspHeader = Object.entries(directives)
.map(([key, sources]) => `${key} ${sources.join(" ")}`) .map(([key, sources]) => `${key} ${sources.join(" ")}`)
.join("; ") .join("; ")
ctx.set("Content-Security-Policy", cspHeader) ctx.set("Content-Security-Policy", cspHeader)
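Review bot: The `const directives = { ...CSP_DIRECTIVES }` line makes only a shallow copy, so every directive other than `script-src` still shares its array with the module-level `CSP_DIRECTIVES`. The new code is correct as written because `script-src` gets a fresh array, but nothing stops a later `.push` on another directive from leaking per-request values into every subsequent response's policy again. Typing the constant (declared outside this hunk) as `Readonly<Record<string, readonly string[]>>`, or freezing its arrays, would make such a write fail at compile time or at runtime. A short comment above the copy would also help, for example `// per-request copy: the nonce must never be written back into CSP_DIRECTIVES`. A regression test could assert that two consecutive responses each carry exactly one `'nonce-…'` source; the `try` block continues past the end of this hunk, so the error path was not reviewed.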